from flask import Flask,jsonify,request,Blueprint,session
from common.res import (getRes,getErrorRes,getSuccessRes,getDataRes)
from common.sqlInjectionSecurity import sqlEscape,sqlEscapeField
from DAL.rightDAL import usersDAL,moduleDAL
from controller.permissionAttr import islog

right_module = Blueprint('right_module',__name__)

@right_module.route("/right_module/getlist",methods=['POST'])
@islog
def module_getlist():
    dal = moduleDAL()
    data = dal.getList()
    if data:
        res = getSuccessRes(data=data)
    else:
        res = getSuccessRes(data=[])
    return jsonify(res)

@right_module.route("/right_module/delete_by_id",methods=['POST'])
@islog
def delete_by_id():
    param = {
        'id': request.form.get('id') or None
    }
    if not param['id']:
        res = getErrorRes("你输入的参数有错！")
        return jsonify(res)
    dal = moduleDAL()
    data = dal.deleteById(**param)
    res = getSuccessRes(data=data)
    return jsonify(res)

@right_module.route("/right_module/update",methods=['POST'])
@islog
def update():
    param = {
        'id': request.form.get('id') or None,
        'pguid': request.form.get('pguid') and sqlEscape(request.form.get('pguid')) or "",
        'module_name': request.form.get('module_name') and sqlEscape(request.form.get('module_name')) or None,
        'url': request.form.get('url') and sqlEscape(request.form.get('url')) or "",
        'state': request.form.get('state') and sqlEscape(request.form.get('state')) or None
  }
    if not param['id']:
        res = getErrorRes("参数id必须填写！")
        return jsonify(res)
    if not param['module_name']:
        res = getErrorRes("模块名称必须填写！")
        return jsonify(res)

    dal = moduleDAL()
    data = dal.update(**param)
    res = getSuccessRes(data=data)
    return jsonify(res)

@right_module.route("/right_module/add",methods=['POST'])
@islog
def add():
    param = {
        'pguid': request.form.get('pguid') and sqlEscape(request.form.get('pguid')) or '1',
        'guid': request.form.get('guid') and sqlEscape(request.form.get('guid')) or None,
        'module_name': request.form.get('module_name') and sqlEscape(request.form.get('module_name')) or None,
        'url': request.form.get('url') and sqlEscape(request.form.get('url')) or None,
        'state': request.form.get('state') and sqlEscape(request.form.get('state')) or None
       }
    if not param['module_name']:
        res = getErrorRes("模块名称必须填写！")
        return jsonify(res)
    dal = moduleDAL()
    data = dal.add(**param)
    res = getSuccessRes(data=data)
    return jsonify(res)



